Privilege Escalation Vulnerability in OpenStack Identity by OpenStack
CVE-2014-3476

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
17 June 2014

Summary

OpenStack Identity (Keystone) prior to specific versions is vulnerable to a privilege escalation flaw due to improper handling of chained delegation. This issue allows remote authenticated users to exploit trust or OAuth tokens with impersonation capabilities, enabling them to create new tokens with elevated roles. Such vulnerabilities can lead to unauthorized access and potential misuse of the OpenStack environment, compromising its integrity and security.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.